About Jason Thibeault

Hi! I'm a tech guy, skeptic, feminist, gamer and atheist, and love OSS and science of all stripes. I enjoy a good bit of whargarbl now and again, and will occasionally even seek it out. I am also apparently responsible for the death of common sense on the internet. My bad.

I have opinions. So do you. You want to share them with me. I would like to do likewise. Please don't expect a platform for proselytizing that will go unchecked and unchallenged, though. Contact me via the clicky thingies under my banner.

The commenting rules are simple: don't piss me off. This rule has worked for me for a decade; I have never found a need for any other rule, because any other rules leads to rules-lawyering. Just remember -- this is my property, not yours.

The sophistry and revisionist history in Skeptoid Brian Dunning's statement

My understanding of Brian Dunning’s cookie-stuffing scheme is fairly thorough at this point. I’ve read the articles in major news organizations about Dunning and Shawn Hogan’s scheme, and I happen to understand to a very high degree of fidelity the workings of the World Wide Web and cookies. So when I read the statement that he wouldn’t allow copying-and-pasting on, I balked. Not only at the lies, misdirection and obvious con-man level sophistry going on in the post, but that anyone who claims to have pulled off such a job might think that what they claim to have done is actually plausible.

Rebecca Watson has done a thorough job at deconstructing the statement for what it is: a great ball of chaff thrown up to confuse the radars of so-called skeptics who are evidently unable to recognize such tactics. But there’s some nuance I’d like to add, specifically because there are parts that appear to directly reference something I blogged about recently, which has bubbled up to very near the top of search results on the terms “Skeptoid” or “Brian Dunning”.

Shawn Hogan, eBay’s top affiliate, and Brian Dunning had each joined the eBay affiliate program in 2000 and 1999, respectively. They met in 2003 and became friends. In 2006, they evidently hatched a scheme while playing World of Warcraft to make a large number of referrals and thus generate a siginificant payout from eBay by using a technique called “cookie stuffing”. They would disseminate the stuffed cookies using website widgets, little gadgets a webmaster could install on their site intended to show something interesting like who in the world was loading that specific page in realtime.

This cookie-stuffing technique involves placing the user’s affiliate cookie — a tiny piece of data that is stored in a user’s browser and can be used to track pieces of information — on systems that happened to visit any website that had a chunk of code that Hogan or Dunning controlled; specifically, the widgets they’d offered for free acted as something of a trojan horse to spread their cookies far and wide. This cookie would report to eBay any time a web surfer thereafter visited eBay and purchased something, so that to eBay it would register as having been generated through Hogan’s affiliate link.

Under normal use, legitimate cookie setup allows for small businesses to link to things on eBay and, if the web user legitimately clicked through on that link and purchased an item, the small business would get a percentage commission or some other prearranged compensation. In Hogan and Dunning’s cases, people were not actually clicking through links to eBay’s site — they weren’t ever visiting eBay, they were only receiving the cookie. The stuffed cookie caused eBay later to believe that some percentage of web users’ purchases should be credited to Hogan’s or Dunning’s affiliate program. This functionality was clearly not the intended design of the program; those users did not actually go to eBay directly from their sites intending to buy something. They didn’t even touch eBay at all, save for being made to obtain the cookie.

Dunning had formed a company with his brother, Todd Dunning, in 2003, called “Kessler’s Flying Circus”. They were evidently the sole owners of the company, and not, as Brian suggests, “employees”. They went into affiliate marketing and made a very meager paycheck in referring people back to eBay — certainly no get-rich-quick model. In early 2006, near the beginning of the stuffing scheme, Todd attempted to rat out Shawn Hogan to eBay, but initial investigations chalked that up to rivalry between the two companies competing in the same space.

When Hogan ended up making huge amounts more than Dunning, because Hogan had figured out how to use an invisible single pixel link to jam a whole web request over to eBay without a user actually clicking anything, Dunning turned on Hogan. Dunning actively blackmailed Hogan to help him improve his own game, because Dunning couldn’t figure out how to reverse-engineer what Hogan had used in his own widgets.

Dunning also took specific steps to avoid detection, such as never installing cookies in the city where eBay’s or Commission Junction’s home offices reside, cloaking the cookie request in some Javascript so it wasn’t detectable to someone viewing the source code of the widget, and even avoiding stuffing a cookie on the same computer twice, because seeing more than one cookie on the same computer with their affiliate ID could raise some hackles at eBay.

In 2008, eBay was fed up with the deflection and lack of justification for the huge numbers he was driving; every time they’d asked Dunning or Hogan for more information on how they were driving so much traffic, they weren’t given satisfactory answers. They sued Dunning, Dunning and Hogan; discovery dragged out and two years later, they still hadn’t reached trial.

By 2010, investigators had finally figured out that 99% of the traffic that they were receiving from Dunning and Hogan’s scheme was illegitimate, ultimately only discovering this by correlating whether or not someone actually visited their webpage when they received a cookie with the suspected stuffers’ IDs. Why they didn’t do this previously, I could not fathom, except that from their standpoint, they saw hits rolling in and thought they were making a ton of cash from it, and so were blinded by the “success” of the program.

Knowing all of this, let’s highlight the lies in Dunning’s “statement”.

In about 2003 my company partnered with another to form “Kessler’s Flying Circus”

By “my company” you mean yourself; by “another” you mean your brother Todd. You had affiliate “companies” previously, which you disbanded (easy to do when you’re the owner and only employee!), and formed the new umbrella megacorp. Of two people. Holding all the same assets you held previously.

Affiliate marketing is where you place ads on the web, and if anyone clicks those ads and subsequently makes a purchase, you would get a sales commission of some kind.

Yes, that’s what affiliate marketing is SUPPOSED to be. You did an end run around the service, faking the whole part where you provide eBay with any actual service in exchange for their commission.

For our first few years we had very little success, making perhaps a few hundred dollars per month.

Probably because you were playing by the rules at first.

The money he made pre-scheme is important. I’ll come back to this.

But then, working in close association with eBay and with Commission Junction (the company that managed eBay’s affiliate program) we developed a pair of useful widgets: ProfileMaps, that showed a map of visitors to your MySpace page; and WhoLinked, a WordPress plugin that showed who has linked to your blog.

You actually did not vet the functionality of the code with eBay, as evidenced by their investigations, subsequent lawsuit, and your subsequent criminal indictment, and so your “working closely” involves, actually, all the little ways you tried to make it harder for them to detect what you were doing that I mentioned earlier.

You were making effectively no money doing things legitimately, as you’d just said; then you built a widget that overtly did absolutely nothing eBay-related, and that went viral. But it was doing something covertly: stuffing cookies onto the target computers. You admitted that your efforts prior to cookie-stuffing were not making you the sort of cash you were expecting. Then you were making gobs of money, suddenly and like through magic. All without actually delivering users to eBay the way any affiliate marketer might do legitimately — the service that eBay THOUGHT it was paying you for.

I was the second highest paid employee, and I did earn over a million dollars personally over 2006 and 2007 before taxes.

Then the first-highest paid employee must have been Todd Dunning, your brother. Since you were the one doing all the illegal stuff with cookies, what exactly was Todd doing to merit more pay, other than being in the know and trying to blow the whistle on Hogan? How MUCH more did he make, considering you were being sued for having made $5.3 million? That “over a million” represents AT LEAST 18% of all the earnings of Kessler’s Flying Circus from the entirety of the eBay cookie-stuffing scheme. How much more than a million was it, exactly? Could it have been 2 million? Two and a half?? That’s closer to what I’d expect, given all the operating costs and overhead of running a two-person company that builds web widgets and delivers ads on websites from inside your own home.

And the “clarifications” Dunning makes are priceless. To wit:

That I “stole millions of dollars”. Completely false. The vast majority of KFC’s earnings, over 90%, were never in dispute. My share of the unearned commissions was about a third of the $200-400K, on which I paid taxes. That doesn’t make it any less of a crime, but absurd exaggerations serve nobody.

Kessler’s Flying Circus made $5.3 million from eBay, in total. The government, in their wiretapping charges, stipulated that because they couldn’t actually determine what amount of money came directly from eBay from users that didn’t intend to get to eBay through another affiliate, and what amount was actually stolen from other legitimate affiliates (by having their cookie override it), they by all appearances lowballed to ensure a conviction. So, all parties agreed that at least $400,000 of the money Brian Dunning made from that program was stolen from eBay. It’s not that the rest of the money isn’t in dispute — it rightly is disputable. The problem is that doing the math on how much is actually “unearned” by the definition used here, specifically the users who counted as commissions were just people who happened to go to eBay and purchase something at some point after having visited a website that had one of Dunning’s widgets on it.

It beggars belief to suggest that 90% of the $5.3 million that Kessler’s made off of eBay actually came from either people legitimately clicking on an ad on one of Dunning’s sites, considering what Dunning admitted to making prior to the scheme, or resulted from people actually clicking on someone else’s affiliate ad but getting credited to Dunning instead. In the former case, that’s totally legitimate, but cap that at “a few hundred dollars a month” times twelve. In the latter case, I would count that as absolutely illegitimate, and totally disputable.

And further, “Operation Tripwire”, wherein eBay included a 1×1 pixel image of their own on the legit site in order to correlate stuffed cookies with actual pageviews, discovered 99% of the traffic sent with Dunning’s ID was illegitimate. The problem comes in cross-referencing whether people getting the stuffed cookie actually ever went on to buy something; whether they went on to buy something from someone else’s ad; or whether they actually bought something without ever clicking on someone’s ad at all. Because all of those numbers were fuzzy, the government lowballed. And that’s fine. There are some numbers that, without deep forensics and very careful logging that eBay obviously didn’t have in place, are impossible to suss out after the fact.

It DOES mean that the 15 month conviction is also a lowball, considering someone mugging a person and stealing a hundred bucks might get them five to ten years. White collar crime should absolutely get stiffer penalties than blue collar crime, in my estimation. Only in cases of violence should the latter be treated more sternly.

That any individuals were affected. Completely false. The only victim was eBay, and the nature of their loss was a reduced profit (due to paying unearned sales commissions) on new paying customers who had viewed one of our ads.

No, individual end-users who purchased from eBay were not impacted. It would not increase the amount they paid to eBay at all. However, individual rival affiliate marketers were almost certainly impacted by having their cookies overridden with your own. You stole some indeterminate amount of money from other affiliates, and some other indeterminate amount of money directly from eBay, and because those numbers are hard to suss out of the total $5.3 mil, the government just went with $400,000 and you and your lawyers agreed.

It’s all in the court records, Brian. Maybe you should read them. Given that you pled guilty to this, it might have been a good idea to know and understand exactly what you were pleading guilty TO.

A conspiracy theory that my nonprofit Skeptoid Media, Inc. was set up as some kind of shield to hide stolen millions. First, I never had millions in my possession; second, you cannot shield money from the feds. The federal government can seize anything at any time; there is no protection like there is in state cases (e.g., moving to a state that allows you to keep your primary residence). Skeptoid Media exists only for its stated reasons: producing free educational materials and STEM-focused informational and entertainment content, made available to educators and individuals worldwide, concentrating on critical thinking and scientific skepticism.

This is almost certainly referring to my earlier post on Dunning’s fraud, which to my knowledge is the first such post alleging that Skeptoid Media was converted into a non-profit during Dunning’s pre-jail eleventh hour, when he realized that it was all going to hell and he would face consequences for his fraud.

And it’s not what my post argued. My post argued that Skeptoid could not survive on its own with Dunning imprisoned, and so turning it into a non-profit was a good way to ensure it survived past him. And that, in and of itself, is a good way to do things; I’d rather skeptical outreach organizations actually have public accounting for their cash flow so we can scrutinize (some might say, skeptically!) what’s actually being done with our donations.

It further argued that because the civil suit was eventually dropped and eBay did not seize any funds from Hogan or Dunning, and because the FBI did not levy a fine against Dunning in sentencing, the $5.3 million that Dunning’s company made off of eBay comes with only one fine: fifteen months in white collar jail and three years supervised release. He’s effectively bought millions of dollars in exchange for a short stint in jail.

Regardless of how much of that money is actually usable by you or your (loving, beautiful, probably innocent, probably undeserving of this travesty) family, YOU are still getting off really goddamn easy here, Dunning. If the government had decided to seize $5,300,000, it would obviously bankrupt Dunning, because much of that money’s already been spent, either by him (paying mortgages, setting up college funds, paying off debt), or by Todd, or by Kessler’s Flying Circus in “overhead”. We also don’t know how much money Dunning directly contributed to Skeptoid. However much that was, I can virtually guarantee you that it’s touched tainted money. Unless Dunning did not use any of his own capital to seed Skeptoid, ever, and he’s taken very great care in maintaining his books, Skeptoid has almost certainly seen some of that money.

And it’s untouchable now. The money that Dunning has made, now that he’s convicted with no fine, and the civil suit is dropped, is untouchable. Some of it almost certainly went into Skeptoid. And we have no clue how much that is.

Unless the IRS decides to pay very, very close attention to Skeptoid, including a thorough accounting of all income prior to getting non-profit status, Dunning will have faced no monetary repercussions for his actions.

But given his status as a convicted felon, if you want to trust him with your money and donate to Skeptoid, you just feel free. That’s your lookout. We skeptics are only supposedly in this community in order to prevent fraudsters from taking your money under false pretenses; I don’t know what that might POSSIBLY have to do with THIS specific situation, do you??

That I’m a millionaire who has the gall to beg for donations. Please do not conflate the two. Donations that support the Skeptoid podcast go only to support Skeptoid Media, a good cause.

Welllllll… You DID just admit to making over a million dollars pre-tax during the one year your scam was running and you were still affiliated. That makes you a millionaire, even if you don’t have it in the bank. It’s language sophistry at its finest. We don’t have any way of knowing that you didn’t ever have a million useable dollars in the bank. You’d know better than I how high your bankroll actually ever climbed as a result of your misdeeds.

And you carefully and attentively pointed out that donations to Skeptoid only go to Skeptoid. That is secondary to the thrust of the complaint you’re rebutting here, being that we don’t know how much of your ill-gotten gains went to support Skeptoid too. People don’t like donating to people who are not in any sort of financial need. And even if there IS a financial need, people feel an odd sense of entitlement toward policing how that money gets spent, even if the plan is entirely laid out in advance and totally transparent. People especially don’t like donating to someone who claims to have a need, but turns out to have alternate means of funding that they hadn’t disclosed — like, oh, say, millions of dollars rolling in from defrauding a major corporation and everyone else in the same affiliate program as you. Beyond that, since your alternate means of funding was actually illegal, as evidenced by your going to jail for it, some people who’ve donated to your podcast might feel suddenly and understandably very put-out about having done so.

The piece de resistance of the piece, his sidebar about rescuing a Chinese family from a car rollover notwithstanding, is this throwaway in the “clarifications” bit:

Separately, I am not a millionaire and my family is under a huge amount of debt and has no savings at all, but working that out is our problem, not yours, and not Skeptoid Media’s.

You said earlier that you paid off your mortgages, and set up college funds, and were “just about to start saving”, implying your debts were paid off. So… pardon me if this seems a bit unsympathetic, but cry me a goddamn river.

Finally, I should note that while I once lamented the virtual radio silence the skeptical community has endured on the nature of Dunning’s fraud, I am heartened that Freethought Blogs and Skepchick are no longer the only blog networks who refuse to let this story get memory-holed. Hemant Mehta has some choice words for Brian Dunning as well.

Like this:

Related

About the author

Hi! I'm a tech guy, skeptic, feminist, gamer and atheist, and love OSS and science of all stripes. I enjoy a good bit of whargarbl now and again, and will occasionally even seek it out. I am also apparently responsible for the death of common sense on the internet. My bad.

I have opinions. So do you. You want to share them with me. I would like to do likewise. Please don't expect a platform for proselytizing that will go unchecked and unchallenged, though. Contact me via the clicky thingies under my banner.

The commenting rules are simple: don't piss me off. This rule has worked for me for a decade; I have never found a need for any other rule, because any other rules leads to rules-lawyering. Just remember -- this is my property, not yours.

18 thoughts on “The sophistry and revisionist history in Skeptoid Brian Dunning's statement”

I personally get much higher traffic than Skeptoid; I was in an affiliate program, and I get ad revenue. It’s a nice supplement to my regular income, but I’m not giving up my day job.

That someone could earn OVER A MILLION DOLLARS A YEAR from this kind of thing, which is about what I earn as a college professor in about 20 years, ought to be a clear sign that something shady is going on.

Or that I’m utterly incompetent at monetizing my traffic, which could be true. But I don’t think I could increase web income by a few orders of magnitude without cheating.

If I could only make 30k a year (a tiny bit more than my best years ever) without getting fucking laid off every two years, I’d be getting by. That this guy could piss away millions is as offensive as his stealing them in the first place.

You said earlier that you paid off your mortgages, and set up college funds, and were “just about to start saving”, implying your debts were paid off. So… pardon me if this seems a bit unsympathetic, but cry me a goddamn river.

I’m sure if he was allowed to steal some more money, he would be better off. I’m sure that he’s very frustrated that the cops discovered his illegal gravy train and put a stop to it. I’m sure the legal bills he incurred while trying to weasel out of paying for his crimes are a strain on his financials. What I’m not sure about is why he thinks this is going to get him any sympathy.

He robbed people! You don’t get to paint yourself as a victim when you’re the criminal. You can’t complain that your source of income is shut off when that source is other people’s pockets. What the hell was he thinking?

He was probably limited in what he could say by legal reasons, but it would be nice if he had tried to “own it” and said something like “back in 2006, my company was an eBay affiliate and making a small amount of money. We discovered that we could vastly increase this by creating a script that would trick eBay into thinking we had driven traffic to their site. We knew this was dishonest, against the terms of use and wold be getting money from them for something we had not done. We thought we had found a loophole so that it was not actually illegal, though we still tried to prevent them from finding out. I got caught and stopped, and my lawyers tried to have it dismissed, or treated as civil only, or to avoid a prison sentence, but the government disagreed and I was sentenced to jail”

And you carefully and attentively pointed out that donations to Skeptoid only go to Skeptoid.

Which may be true, or may be true in the same way that “I earned over a million dollars personally” is true about KFC–in that it ignores that he’s the head of the company (which presumably allows some latitude in how the company’s assets are used) and that his wife was raking in $10,000/month as an employee. I don’t know about Dunning, but when my wife makes money, we both benefit.

So we don’t know how much money Dunning makes as Executive Director of Skeptoid Media. Until their financials are released, which hasn’t happened yet, we won’t know what he makes in that capacity. It’s entirely possible that he’s drawing separate paychecks–or receiving money in a more easily-disguised way–as the host of Skeptoid and InFact, or as lead researcher, or any number of other ways. Skeptoid is, as far as I know, still run out of Dunning’s home. It’s not hard to imagine a fund for podcast overhead going right back into Dunning’s pocket (or offsetting money that he would otherwise have to spend to maintain that equipment and so forth).

@LykeX:

You don’t get to paint yourself as a victim when you’re the criminal.

Why not? Dunning sees the success that others in the skeptical community have had doing just that, why wouldn’t he give it a shot too?

3) It’s downright eerie to read a story involving malfeasance and Facebook in which the latter didn’t perpetrate the former. Are you sure some internet space warp hasn’t connected us to a cubical planet?

It’s staggering how much of this is flat-out wrong. Why does it never occur to anyone to ask for information before blogging? I remain available to happily answer any questions. Since August 4, I’m able to talk about it full detail. I got some of it out on the August 11 episode of Skeptically Yours (unfortunately I don’t have the YouTube link yet). I invite anyone to email me for direct answers to direct questions, which you’re welcome to publish or ignore. You can reach me at [email protected].

You have to understand that we were never able to present a defense because we were cooperating since 2007 and pleaded guilty. Thus, the only information that ever made it into the press was the press releases and motions filed by the prosecution. The majority of everything that happened in court was sealed. This article is chock full of factual errors. I can’t present sealed documents, but I can present a lot. Some is here at http://www.briandunning.com/fix and some of it we were able to talk about on Skeptically Yours.

Jason, if this is anything like the comment he left at my place three years ago, it’s entirely possible that this is a form comment. That said, unlike my previous experience, I wasn’t able to find similar comments on the other prominent posts about Dunning’s sentencing, so maybe he’s just got an issue with you.

An issue, of course, that he doesn’t bother spelling out, because that’s what skepticism is, right? Saying that people are wrong and then not elaborating on why or how? Instead of making a case, just saying “buy my book listen to my podcast”?

Dunning is complaining about his defense’s documents being sealed, but they are only sealed because his defense specifically requested that. For some reason, Dunning didn’t want his defense made public, which he is now using to argue that people don’t have all the facts. Weird.

Cath Murphy: skepticism is a toolset against which we test all ideas, claims, and evidence. If all we were doing here is finding a random person who’s going to prison and piling on, that’d be one thing, but what you’re ACTUALLY objecting to here is us examining the claims and evidence provided by Brian Dunning in defense of his defrauding eBay, and the very human tendency of skeptics to defend him and his practices rather than actually examining the crimes and evidence presented.

And we’re doing so for a specific reason: to keep others from being defrauded by this demonstrable fraudster.

Some might say THAT is the goal of movement skepticism, rather than simply going after urban myths. Find humanity’s intellectual blind spots and shore them up. That’s our goddamn point. If we can’t do that when there’s someone exploiting those blind spots WITHIN OUR OWN FLOCK, then we have problems.